mrragava / mystikos

Tools and runtime for launching unmodified container images in Trusted Execution Environments
0 stars 0 forks source link

Mystikos

What is Mystikos?

Mystikos is a runtime and a set of tools for running Linux applications in a hardware trusted execution environment (TEE). The current release supports Intel ® SGX while other TEEs may be supported in future releases.

Goals

Architecture

Mystikos consists of the following components:

Today, two target implementations are provided:

The minimalist kernel of Mystikos manages essential computing resources inside the TEE, such as CPU/threads, memory, files, networks, etc. It handles most of the syscalls that a normal operating system would handle (with limits). Many syscalls are handled directly by the kernel while others are delegated to the target specified while launching Mystikos.

Installation Guide for Ubuntu

As of release version 0.7.0, Mystikos may be built and installed on Ubuntu 18.04 and 20.04. Earlier Mystikos versions are only compatible with Ubuntu 18.04.

Install from Released Package

To install Mystikos using one of the released packages, please follow the appropriate guide to install on Ubuntu 18.04 or Ubuntu 20.04.

Install From Source

You may also build Mystikos from source. The build process will install the SGX driver and SGX-related packages for you.

Quick Start Docs

Eager to get started with Mystikos? We've prepared a few guides, starting from a simple "hello world" C program and increasing in complexity, including demonstrations of DotNet and Python/NumPy.

Give it a try and let us know what you think!

Simple Applications

Samples

Mystikos samples provides a number of samples in various programming languages and serves as a good place for developers to start.

Enclave Aware Applications

Sometimes, you want to take advantage of specific properties of the Trusted Execution Environment, such as attestation. The following example shows how to write a C program which changes its behaviour when it detects that it has been securely launched inside an SGX enclave.

More Docs!

We've got plans for a lot more documentation as the project grows, and we'd love your feedback and contributions, too.

Developer Docs

Looking for information to help you with your first PR? You've found the right section.

For more information, see the Contributing Guide.

Licensing

This project is released under the MIT License.

Reporting a Vulnerability

Please DO NOT open vulnerability reports directly on GitHub.

Security issues and bugs should be reported privately via email to the Microsoft Security Response Center (MSRC) at secure@microsoft.com. You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message.

Code of Conduct

This project has adopted the Microsoft Code of Conduct. All participants are expected to abide by these basic tenets to ensure that the community is a welcoming place for everyone.